SSL_CTX_set_cert_store.pod revision 290207
=pod

=head1 NAME

SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
of B<ctx> to/with B<store>. If another X509_STORE object is currently
set in B<ctx>, it will be X509_STORE_free()ed.

SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.

=head1 NOTES

In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. The X509_STORE_CTX
used when verifying certificates is created from the X509_STORE.

Typically the trusted certificate store is handled indirectly by using
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond the
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
call.

Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. For example, the verify_callback() is
overridden by the verify_callback() set via the
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.

=head1 RESTRICTIONS

The X509_STORE structure used by an SSL_CTX is used for verifying peer
certificates and building certificate chains; it is also shared by
every child SSL structure. Applications wanting finer control can use
functions such as SSL_CTX_set1_verify_cert_store() instead.

=head1 RETURN VALUES

SSL_CTX_set_cert_store() does not return diagnostic output.

SSL_CTX_get_cert_store() returns the current setting.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>

=cut